From 59161dbdf4da5b82b27402f93d7007a11b2d1cc1 Mon Sep 17 00:00:00 2001 From: beck <> Date: Thu, 26 Jan 2017 10:40:21 +0000 Subject: Send the error function codes to rot in the depths of hell where they belong We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@ --- src/lib/libssl/d1_both.c | 18 +-- src/lib/libssl/d1_clnt.c | 8 +- src/lib/libssl/d1_lib.c | 4 +- src/lib/libssl/d1_pkt.c | 42 +++---- src/lib/libssl/d1_srtp.c | 32 +++--- src/lib/libssl/d1_srvr.c | 12 +- src/lib/libssl/s3_lib.c | 48 ++++---- src/lib/libssl/ssl_asn1.c | 4 +- src/lib/libssl/ssl_both.c | 26 ++--- src/lib/libssl/ssl_cert.c | 32 +++--- src/lib/libssl/ssl_ciph.c | 12 +- src/lib/libssl/ssl_clnt.c | 262 ++++++++++++++++++++++---------------------- src/lib/libssl/ssl_err.c | 224 +------------------------------------ src/lib/libssl/ssl_lib.c | 98 ++++++++--------- src/lib/libssl/ssl_locl.h | 4 +- src/lib/libssl/ssl_packet.c | 18 +-- src/lib/libssl/ssl_pkt.c | 74 ++++++------- src/lib/libssl/ssl_rsa.c | 104 +++++++++--------- src/lib/libssl/ssl_sess.c | 30 ++--- src/lib/libssl/ssl_srvr.c | 220 ++++++++++++++++++------------------- src/lib/libssl/ssl_txt.c | 4 +- src/lib/libssl/t1_enc.c | 44 ++++---- src/lib/libssl/t1_lib.c | 26 ++--- src/lib/libssl/t1_reneg.c | 24 ++-- 24 files changed, 572 insertions(+), 798 deletions(-) diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index a9a4c1a13b..fb7e289d96 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.46 2017/01/23 13:36:12 jsing Exp $ */ +/* $OpenBSD: d1_both.c,v 1.47 2017/01/26 10:40:21 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -410,7 +410,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) S3I(s)->tmp.reuse_message = 0; if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_GET_MESSAGE, + SSLerror( SSL_R_UNEXPECTED_MESSAGE); goto f_err; } @@ -476,13 +476,13 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) /* sanity checking */ if ((frag_off + frag_len) > msg_len) { - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, + SSLerror( SSL_R_EXCESSIVE_MESSAGE_SIZE); return SSL_AD_ILLEGAL_PARAMETER; } if ((frag_off + frag_len) > (unsigned long)max) { - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, + SSLerror( SSL_R_EXCESSIVE_MESSAGE_SIZE); return SSL_AD_ILLEGAL_PARAMETER; } @@ -495,7 +495,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) */ if (!BUF_MEM_grow_clean(s->internal->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) { - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); return SSL_AD_INTERNAL_ERROR; } @@ -509,7 +509,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) * They must be playing with us! BTW, failure to enforce * upper limit would open possibility for buffer overrun. */ - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, + SSLerror( SSL_R_EXCESSIVE_MESSAGE_SIZE); return SSL_AD_ILLEGAL_PARAMETER; } @@ -803,7 +803,7 @@ again: /* parse the message fragment header */ dtls1_get_message_header(wire, &msg_hdr) == 0) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, + SSLerror( SSL_R_UNEXPECTED_MESSAGE); goto f_err; } @@ -846,7 +846,7 @@ again: else /* Incorrectly formated Hello request */ { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, + SSLerror( SSL_R_UNEXPECTED_MESSAGE); goto f_err; } @@ -878,7 +878,7 @@ again: */ if (i != (int)frag_len) { al = SSL3_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, + SSLerror( SSL3_AD_ILLEGAL_PARAMETER); goto f_err; } diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index c0f90dce6f..fd981c5f8e 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.71 2017/01/26 06:32:58 jsing Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.72 2017/01/26 10:40:21 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -216,7 +216,7 @@ dtls1_connect(SSL *s) cb(s, SSL_CB_HANDSHAKE_START, 1); if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) { - SSLerr(SSL_F_DTLS1_CONNECT, + SSLerror( ERR_R_INTERNAL_ERROR); ret = -1; goto end; @@ -571,7 +571,7 @@ dtls1_connect(SSL *s) /* break; */ default: - SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE); + SSLerror(SSL_R_UNKNOWN_STATE); ret = -1; goto end; /* break; */ @@ -632,7 +632,7 @@ dtls1_get_hello_verify(SSL *s) goto truncated; if (ssl_version != s->version) { - SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION); + SSLerror(SSL_R_WRONG_SSL_VERSION); s->version = (s->version & 0xff00) | (ssl_version & 0xff); al = SSL_AD_PROTOCOL_VERSION; goto f_err; diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c index e193d4ab81..bd78494e66 100644 --- a/src/lib/libssl/d1_lib.c +++ b/src/lib/libssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.39 2017/01/26 06:32:58 jsing Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.40 2017/01/26 10:40:21 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -406,7 +406,7 @@ dtls1_check_timeout_num(SSL *s) if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { /* fail the connection, enough alerts have been sent */ - SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED); + SSLerror(SSL_R_READ_TIMEOUT_EXPIRED); return -1; } diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 3ea02700b5..5e33a966de 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.60 2017/01/26 06:32:58 jsing Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.61 2017/01/26 10:40:21 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -255,7 +255,7 @@ err: free(rdata->rbuf.buf); init_err: - SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); free(rdata); pitem_free(item); return (-1); @@ -354,7 +354,7 @@ dtls1_process_record(SSL *s) /* check is not needed I believe */ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + SSLerror(SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; } @@ -396,7 +396,7 @@ dtls1_process_record(SSL *s) (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && orig_len < mac_size + 1)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT); + SSLerror(SSL_R_LENGTH_TOO_SHORT); goto f_err; } @@ -433,7 +433,7 @@ dtls1_process_record(SSL *s) if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); + SSLerror(SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } @@ -650,7 +650,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if ((type && type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { - SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } @@ -667,7 +667,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); + SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } } @@ -731,7 +731,7 @@ start: */ if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data), rr->seq_num) < 0) { - SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return (-1); } rr->length = 0; @@ -754,7 +754,7 @@ start: if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); + SSLerror(SSL_R_APP_DATA_IN_HANDSHAKE); goto f_err; } @@ -817,7 +817,7 @@ start: /* Not certain if this is the right error handling */ al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); + SSLerror(SSL_R_UNEXPECTED_RECORD); goto f_err; } @@ -862,7 +862,7 @@ start: (D1I(s)->handshake_fragment[2] != 0) || (D1I(s)->handshake_fragment[3] != 0)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); + SSLerror(SSL_R_BAD_HELLO_REQUEST); goto err; } @@ -883,7 +883,7 @@ start: if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); + SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -940,7 +940,7 @@ start: { s->internal->rwstate = SSL_NOTHING; S3I(s)->fatal_alert = alert_descr; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); + SSLerror(SSL_AD_REASON_OFFSET + alert_descr); ERR_asprintf_error_data("SSL alert number %d", alert_descr); s->internal->shutdown|=SSL_RECEIVED_SHUTDOWN; @@ -948,7 +948,7 @@ start: return (0); } else { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); + SSLerror(SSL_R_UNKNOWN_ALERT_TYPE); goto f_err; } @@ -974,7 +974,7 @@ start: if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { i = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC); + SSLerror(SSL_R_BAD_CHANGE_CIPHER_SPEC); goto err; } @@ -1038,7 +1038,7 @@ start: if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); + SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1068,7 +1068,7 @@ start: goto start; } al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); + SSLerror(SSL_R_UNEXPECTED_RECORD); goto f_err; case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_ALERT: @@ -1077,7 +1077,7 @@ start: * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that * should not happen when type != rr->type */ al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); goto f_err; case SSL3_RT_APPLICATION_DATA: /* At this point, we were expecting handshake data, @@ -1099,7 +1099,7 @@ start: return (-1); } else { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); + SSLerror(SSL_R_UNEXPECTED_RECORD); goto f_err; } } @@ -1122,13 +1122,13 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); + SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE); return -1; } } if (len > SSL3_RT_MAX_PLAIN_LENGTH) { - SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG); + SSLerror(SSL_R_DTLS_MESSAGE_TOO_BIG); return -1; } diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c index a9f45a2d9a..b98c04b7cf 100644 --- a/src/lib/libssl/d1_srtp.c +++ b/src/lib/libssl/d1_srtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srtp.c,v 1.18 2017/01/24 15:04:12 jsing Exp $ */ +/* $OpenBSD: d1_srtp.c,v 1.19 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -187,7 +187,7 @@ ssl_ctx_make_profiles(const char *profiles_string, SRTP_PROTECTION_PROFILE *p; if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { - SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, + SSLerror( SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); return 1; } @@ -199,7 +199,7 @@ ssl_ctx_make_profiles(const char *profiles_string, col ? col - ptr : (int)strlen(ptr))) { sk_SRTP_PROTECTION_PROFILE_push(profiles, p); } else { - SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, + SSLerror( SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); sk_SRTP_PROTECTION_PROFILE_free(profiles); return 1; @@ -264,13 +264,13 @@ ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) if (p) { if (ct == 0) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); return 1; } if ((2 + ct * 2 + 1) > maxlen) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); return 1; } @@ -304,7 +304,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len, CBS cbs, ciphers, mki; if (len < 0) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; goto done; @@ -314,7 +314,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len, /* Pull off the cipher suite list */ if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) || CBS_len(&ciphers) % 2) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; goto done; @@ -324,7 +324,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len, while (CBS_len(&ciphers) > 0) { if (!CBS_get_u16(&ciphers, &id)) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; goto done; @@ -339,7 +339,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len, /* Extract the MKI value as a sanity check, but discard it for now. */ if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&cbs) != 0) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_BAD_SRTP_MKI_VALUE); *al = SSL_AD_DECODE_ERROR; goto done; @@ -381,13 +381,13 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) { if (p) { if (maxlen < 5) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); return 1; } if (s->internal->srtp_profile == 0) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_USE_SRTP_NOT_NEGOTIATED); return 1; } @@ -411,7 +411,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int CBS cbs, profile_ids, mki; if (len < 0) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; return 1; @@ -425,7 +425,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int */ if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) || !CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; return 1; @@ -433,7 +433,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int /* Must be no MKI, since we never offer one. */ if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_BAD_SRTP_MKI_VALUE); *al = SSL_AD_ILLEGAL_PARAMETER; return 1; @@ -443,7 +443,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int /* Throw an error if the server gave us an unsolicited extension. */ if (clnt == NULL) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_NO_SRTP_PROFILES); *al = SSL_AD_DECODE_ERROR; return 1; @@ -463,7 +463,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int } } - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, + SSLerror( SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; return 1; diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index f36d3f40cd..80d7d639c3 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.81 2017/01/26 06:32:58 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.82 2017/01/26 10:40:21 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -202,7 +202,7 @@ dtls1_accept(SSL *s) D1I(s)->listen = listen; if (s->cert == NULL) { - SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET); + SSLerror(SSL_R_NO_CERTIFICATE_SET); ret = -1; goto end; } @@ -225,7 +225,7 @@ dtls1_accept(SSL *s) cb(s, SSL_CB_HANDSHAKE_START, 1); if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) { - SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); ret = -1; goto end; } @@ -506,7 +506,7 @@ dtls1_accept(SSL *s) * at this point and digest cached records. */ if (!S3I(s)->handshake_buffer) { - SSLerr(SSL_F_SSL3_ACCEPT, + SSLerror( ERR_R_INTERNAL_ERROR); ret = -1; goto end; @@ -659,7 +659,7 @@ dtls1_accept(SSL *s) /* break; */ default: - SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE); + SSLerror(SSL_R_UNKNOWN_STATE); ret = -1; goto end; /* break; */ @@ -706,7 +706,7 @@ dtls1_send_hello_verify_request(SSL *s) if (s->ctx->internal->app_gen_cookie_cb == NULL || s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie, &(D1I(s)->cookie_len)) == 0) { - SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, + SSLerror( ERR_R_INTERNAL_ERROR); return 0; } diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 977c170403..6287f6cbc6 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.131 2017/01/24 14:57:31 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.132 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1980,7 +1980,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { - SSLerr(SSL_F_SSL3_CTRL, + SSLerror( ERR_R_MALLOC_FAILURE); return (0); } @@ -2010,18 +2010,18 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_RSA: case SSL_CTRL_SET_TMP_RSA_CB: - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); break; case SSL_CTRL_SET_TMP_DH: { DH *dh = (DH *)parg; if (dh == NULL) { - SSLerr(SSL_F_SSL3_CTRL, + SSLerror( ERR_R_PASSED_NULL_PARAMETER); return (ret); } if ((dh = DHparams_dup(dh)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, + SSLerror( ERR_R_DH_LIB); return (ret); } @@ -2032,7 +2032,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_DH_CB: - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); case SSL_CTRL_SET_DH_AUTO: @@ -2044,12 +2044,12 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) EC_KEY *ecdh = NULL; if (parg == NULL) { - SSLerr(SSL_F_SSL3_CTRL, + SSLerror( ERR_R_PASSED_NULL_PARAMETER); return (ret); } if (!EC_KEY_up_ref((EC_KEY *)parg)) { - SSLerr(SSL_F_SSL3_CTRL, + SSLerror( ERR_R_ECDH_LIB); return (ret); } @@ -2057,7 +2057,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) { EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTRL, + SSLerror( ERR_R_ECDH_LIB); return (ret); } @@ -2069,7 +2069,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_ECDH_CB: { - SSLerr(SSL_F_SSL3_CTRL, + SSLerror( ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } @@ -2083,18 +2083,18 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (parg == NULL) break; if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { - SSLerr(SSL_F_SSL3_CTRL, + SSLerror( SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; } if ((s->tlsext_hostname = strdup((char *)parg)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, + SSLerror( ERR_R_INTERNAL_ERROR); return 0; } } else { - SSLerr(SSL_F_SSL3_CTRL, + SSLerror( SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); return 0; } @@ -2177,7 +2177,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) if (cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { - SSLerr(SSL_F_SSL3_CALLBACK_CTRL, + SSLerror( ERR_R_MALLOC_FAILURE); return (0); } @@ -2185,7 +2185,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) switch (cmd) { case SSL_CTRL_SET_TMP_RSA_CB: - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); break; case SSL_CTRL_SET_TMP_DH_CB: s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; @@ -2215,7 +2215,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (0); case SSL_CTRL_SET_TMP_RSA: case SSL_CTRL_SET_TMP_RSA_CB: - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); case SSL_CTRL_SET_TMP_DH: { @@ -2223,7 +2223,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) dh = (DH *)parg; if ((new = DHparams_dup(dh)) == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, + SSLerror( ERR_R_DH_LIB); return 0; } @@ -2234,7 +2234,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /*break; */ case SSL_CTRL_SET_TMP_DH_CB: - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); case SSL_CTRL_SET_DH_AUTO: @@ -2246,20 +2246,20 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) EC_KEY *ecdh = NULL; if (parg == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, + SSLerror( ERR_R_ECDH_LIB); return 0; } ecdh = EC_KEY_dup((EC_KEY *)parg); if (ecdh == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, + SSLerror( ERR_R_EC_LIB); return 0; } if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) { EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTX_CTRL, + SSLerror( ERR_R_ECDH_LIB); return 0; } @@ -2272,7 +2272,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /* break; */ case SSL_CTRL_SET_TMP_ECDH_CB: { - SSLerr(SSL_F_SSL3_CTX_CTRL, + SSLerror( ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } @@ -2287,7 +2287,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) if (!keys) return 48; if (larg != 48) { - SSLerr(SSL_F_SSL3_CTX_CTRL, + SSLerror( SSL_R_INVALID_TICKET_KEYS_LENGTH); return 0; } @@ -2361,7 +2361,7 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) switch (cmd) { case SSL_CTRL_SET_TMP_RSA_CB: - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); case SSL_CTRL_SET_TMP_DH_CB: cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index 707dc24d08..bcd1ddf83c 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_asn1.c,v 1.47 2016/12/26 15:34:01 jsing Exp $ */ +/* $OpenBSD: ssl_asn1.c,v 1.48 2017/01/26 10:40:21 beck Exp $ */ /* * Copyright (c) 2016 Joel Sing @@ -232,7 +232,7 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) if (s == NULL) { if ((s = SSL_SESSION_new()) == NULL) { - SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (NULL); } } diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c index 9d0dadef83..707feb6d09 100644 --- a/src/lib/libssl/ssl_both.c +++ b/src/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.2 2017/01/26 06:32:58 jsing Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.3 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -244,7 +244,7 @@ ssl3_get_finished(SSL *s, int a, int b) /* If this occurs, we have missed a message */ if (!S3I(s)->change_cipher_spec) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS); + SSLerror(SSL_R_GOT_A_FIN_BEFORE_A_CCS); goto f_err; } S3I(s)->change_cipher_spec = 0; @@ -253,7 +253,7 @@ ssl3_get_finished(SSL *s, int a, int b) if (n < 0) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); + SSLerror(SSL_R_BAD_DIGEST_LENGTH); goto f_err; } @@ -262,13 +262,13 @@ ssl3_get_finished(SSL *s, int a, int b) if (S3I(s)->tmp.peer_finish_md_len != md_len || CBS_len(&cbs) != md_len) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); + SSLerror(SSL_R_BAD_DIGEST_LENGTH); goto f_err; } if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) { al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED); + SSLerror(SSL_R_DIGEST_CHECK_FAILED); goto f_err; } @@ -365,7 +365,7 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, X509 *x) if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, + SSLerror( ERR_R_X509_LIB); goto err; } @@ -420,7 +420,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) S3I(s)->tmp.reuse_message = 0; if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE, + SSLerror( SSL_R_UNEXPECTED_MESSAGE); goto f_err; } @@ -473,7 +473,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) if ((mt >= 0) && (*p != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE, + SSLerror( SSL_R_UNEXPECTED_MESSAGE); goto f_err; } @@ -481,19 +481,19 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) CBS_init(&cbs, p, 4); if (!CBS_get_u8(&cbs, &u8) || !CBS_get_u24(&cbs, &l)) { - SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto err; } S3I(s)->tmp.message_type = u8; if (l > (unsigned long)max) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE, + SSLerror( SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; } if (l && !BUF_MEM_grow_clean(s->internal->init_buf, l + 4)) { - SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto err; } S3I(s)->tmp.message_size = l; @@ -684,7 +684,7 @@ ssl3_setup_read_buffer(SSL *s) return 1; err: - SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return 0; } @@ -717,7 +717,7 @@ ssl3_setup_write_buffer(SSL *s) return 1; err: - SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return 0; } diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 218a55c197..4f714f751a 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.60 2017/01/24 15:04:12 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.61 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -178,7 +178,7 @@ ssl_cert_new(void) ret = calloc(1, sizeof(CERT)); if (ret == NULL) { - SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (NULL); } ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); @@ -195,7 +195,7 @@ ssl_cert_dup(CERT *cert) ret = calloc(1, sizeof(CERT)); if (ret == NULL) { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (NULL); } @@ -212,13 +212,13 @@ ssl_cert_dup(CERT *cert) if (cert->dh_tmp != NULL) { ret->dh_tmp = DHparams_dup(cert->dh_tmp); if (ret->dh_tmp == NULL) { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); + SSLerror(ERR_R_DH_LIB); goto err; } if (cert->dh_tmp->priv_key) { BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); if (!b) { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); + SSLerror(ERR_R_BN_LIB); goto err; } ret->dh_tmp->priv_key = b; @@ -226,7 +226,7 @@ ssl_cert_dup(CERT *cert) if (cert->dh_tmp->pub_key) { BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); if (!b) { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); + SSLerror(ERR_R_BN_LIB); goto err; } ret->dh_tmp->pub_key = b; @@ -238,7 +238,7 @@ ssl_cert_dup(CERT *cert) if (cert->ecdh_tmp) { ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); if (ret->ecdh_tmp == NULL) { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); + SSLerror(ERR_R_EC_LIB); goto err; } } @@ -284,7 +284,7 @@ ssl_cert_dup(CERT *cert) default: /* Can't happen. */ - SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); + SSLerror(SSL_R_LIBRARY_BUG); } } } @@ -354,12 +354,12 @@ ssl_cert_inst(CERT **o) */ if (o == NULL) { - SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); + SSLerror(ERR_R_PASSED_NULL_PARAMETER); return (0); } if (*o == NULL) { if ((*o = ssl_cert_new()) == NULL) { - SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (0); } } @@ -374,7 +374,7 @@ ssl_sess_cert_new(void) ret = calloc(1, sizeof *ret); if (ret == NULL) { - SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return NULL; } ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); @@ -418,7 +418,7 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) x = sk_X509_value(sk, 0); if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { - SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); + SSLerror(ERR_R_X509_LIB); return (0); } X509_STORE_CTX_set_ex_data(&ctx, @@ -574,7 +574,7 @@ SSL_load_client_CA_file(const char *file) in = BIO_new(BIO_s_file_internal()); if ((sk == NULL) || (in == NULL)) { - SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); goto err; } @@ -587,7 +587,7 @@ SSL_load_client_CA_file(const char *file) if (ret == NULL) { ret = sk_X509_NAME_new_null(); if (ret == NULL) { - SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -643,7 +643,7 @@ SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -713,7 +713,7 @@ SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) if (!ret) { SYSerr(SYS_F_OPENDIR, errno); ERR_asprintf_error_data("opendir ('%s')", dir); - SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); + SSLerror(ERR_R_SYS_LIB); } return ret; } diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 5a5bb165d8..c1dee99e58 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.90 2017/01/24 01:44:00 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.91 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1072,7 +1072,7 @@ ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) number_uses = calloc((max_strength_bits + 1), sizeof(int)); if (!number_uses) { - SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (0); } @@ -1162,7 +1162,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, * it is no command or separator nor * alphanumeric, so we call this an error. */ - SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, + SSLerror( SSL_R_INVALID_COMMAND); retval = found = 0; l++; @@ -1309,7 +1309,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) ok = ssl_cipher_strength_sort(head_p, tail_p); else - SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, + SSLerror( SSL_R_INVALID_COMMAND); if (ok == 0) retval = 0; @@ -1379,7 +1379,7 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, num_of_ciphers = ssl_method->num_ciphers(); co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER)); if (co_list == NULL) { - SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return(NULL); /* Failure */ } @@ -1459,7 +1459,7 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *)); if (ca_list == NULL) { free(co_list); - SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return(NULL); /* Failure */ } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index f7bbca0d78..c8d4aca1c3 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.2 2017/01/26 06:32:58 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.3 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -211,7 +211,7 @@ ssl3_connect(SSL *s) cb(s, SSL_CB_HANDSHAKE_START, 1); if ((s->version & 0xff00 ) != 0x0300) { - SSLerr(SSL_F_SSL3_CONNECT, + SSLerror( ERR_R_INTERNAL_ERROR); ret = -1; goto end; @@ -551,7 +551,7 @@ ssl3_connect(SSL *s) /* break; */ default: - SSLerr(SSL_F_SSL3_CONNECT, + SSLerror( SSL_R_UNKNOWN_STATE); ret = -1; goto end; @@ -597,7 +597,7 @@ ssl3_client_hello(SSL *s) SSL_SESSION *sess = s->session; if (ssl_supported_version_range(s, NULL, &max_version) != 1) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, + SSLerror( SSL_R_NO_PROTOCOLS_AVAILABLE); return (-1); } @@ -668,7 +668,7 @@ ssl3_client_hello(SSL *s) *(p++) = i; if (i != 0) { if (i > (int)sizeof(s->session->session_id)) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -679,7 +679,7 @@ ssl3_client_hello(SSL *s) /* DTLS Cookie. */ if (SSL_IS_DTLS(s)) { if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) { - SSLerr(SSL_F_DTLS1_CLIENT_HELLO, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -693,7 +693,7 @@ ssl3_client_hello(SSL *s) bufend - &p[2], &outlen)) goto err; if (outlen == 0) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, + SSLerror( SSL_R_NO_CIPHERS_AVAILABLE); goto err; } @@ -706,7 +706,7 @@ ssl3_client_hello(SSL *s) /* TLS extensions*/ if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -759,7 +759,7 @@ ssl3_get_server_hello(SSL *s) } else { /* Already sent a cookie. */ al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSLerror( SSL_R_BAD_MESSAGE_TYPE); goto f_err; } @@ -768,7 +768,7 @@ ssl3_get_server_hello(SSL *s) if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSLerror( SSL_R_BAD_MESSAGE_TYPE); goto f_err; } @@ -777,13 +777,13 @@ ssl3_get_server_hello(SSL *s) goto truncated; if (ssl_supported_version_range(s, &min_version, &max_version) != 1) { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSLerror( SSL_R_NO_PROTOCOLS_AVAILABLE); goto err; } if (server_version < min_version || server_version > max_version) { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); + SSLerror(SSL_R_WRONG_SSL_VERSION); s->version = (s->version & 0xff00) | (server_version & 0xff); al = SSL_AD_PROTOCOL_VERSION; goto f_err; @@ -793,7 +793,7 @@ ssl3_get_server_hello(SSL *s) if ((method = tls1_get_client_method(server_version)) == NULL) method = dtls1_get_client_method(server_version); if (method == NULL) { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); goto err; } s->method = method; @@ -812,7 +812,7 @@ ssl3_get_server_hello(SSL *s) if ((CBS_len(&session_id) > sizeof(s->session->session_id)) || (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSLerror( SSL_R_SSL3_SESSION_ID_TOO_LONG); goto f_err; } @@ -845,7 +845,7 @@ ssl3_get_server_hello(SSL *s) s->sid_ctx, s->sid_ctx_length) != 0) { /* actually a client application bug */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSLerror( SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; } @@ -878,7 +878,7 @@ ssl3_get_server_hello(SSL *s) if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSLerror( SSL_R_UNKNOWN_CIPHER_RETURNED); goto f_err; } @@ -887,7 +887,7 @@ ssl3_get_server_hello(SSL *s) if ((cipher->algorithm_ssl & SSL_TLSV1_2) && (TLS1_get_version(s) < TLS1_2_VERSION)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSLerror( SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } @@ -897,7 +897,7 @@ ssl3_get_server_hello(SSL *s) if (i < 0) { /* we did not say we would use this cipher */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSLerror( SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } @@ -911,7 +911,7 @@ ssl3_get_server_hello(SSL *s) s->session->cipher_id = s->session->cipher->id; if (s->internal->hit && (s->session->cipher_id != cipher->id)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSLerror( SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); goto f_err; } @@ -933,7 +933,7 @@ ssl3_get_server_hello(SSL *s) if (compression_method != 0) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSLerror( SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto f_err; } @@ -942,11 +942,11 @@ ssl3_get_server_hello(SSL *s) p = (unsigned char *)CBS_data(&cbs); if (!ssl_parse_serverhello_tlsext(s, &p, CBS_len(&cbs), &al)) { /* 'al' set by ssl_parse_serverhello_tlsext */ - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT); + SSLerror(SSL_R_PARSE_TLSEXT); goto f_err; } if (ssl_check_serverhello_tlsext(s) <= 0) { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); + SSLerror(SSL_R_SERVERHELLO_TLSEXT); goto err; } @@ -959,7 +959,7 @@ ssl3_get_server_hello(SSL *s) truncated: /* wrong packet length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH); + SSLerror(SSL_R_BAD_PACKET_LENGTH); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: @@ -991,14 +991,14 @@ ssl3_get_server_certificate(SSL *s) if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSLerror( SSL_R_BAD_MESSAGE_TYPE); goto f_err; } if ((sk = sk_X509_new_null()) == NULL) { - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -1013,7 +1013,7 @@ ssl3_get_server_certificate(SSL *s) if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || CBS_len(&cbs) != 0) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSLerror( SSL_R_LENGTH_MISMATCH); goto f_err; } @@ -1025,7 +1025,7 @@ ssl3_get_server_certificate(SSL *s) goto truncated; if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSLerror( SSL_R_CERT_LENGTH_MISMATCH); goto f_err; } @@ -1034,18 +1034,18 @@ ssl3_get_server_certificate(SSL *s) x = d2i_X509(NULL, &q, CBS_len(&cert)); if (x == NULL) { al = SSL_AD_BAD_CERTIFICATE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSLerror( ERR_R_ASN1_LIB); goto f_err; } if (q != CBS_data(&cert) + CBS_len(&cert)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSLerror( SSL_R_CERT_LENGTH_MISMATCH); goto f_err; } if (!sk_X509_push(sk, x)) { - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -1055,7 +1055,7 @@ ssl3_get_server_certificate(SSL *s) i = ssl_verify_cert_chain(s, sk); if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { al = ssl_verify_alarm_type(s->verify_result); - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSLerror( SSL_R_CERTIFICATE_VERIFY_FAILED); goto f_err; @@ -1082,7 +1082,7 @@ ssl3_get_server_certificate(SSL *s) if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { x = NULL; al = SSL3_AL_FATAL; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSLerror( SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); goto f_err; } @@ -1091,7 +1091,7 @@ ssl3_get_server_certificate(SSL *s) if (i < 0) { x = NULL; al = SSL3_AL_FATAL; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSLerror( SSL_R_UNKNOWN_CERTIFICATE_TYPE); goto f_err; } @@ -1118,7 +1118,7 @@ ssl3_get_server_certificate(SSL *s) truncated: /* wrong packet length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSLerror( SSL_R_BAD_PACKET_LENGTH); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1150,21 +1150,21 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn) CBS_init(&cbs, *pp, *nn); if ((dh = DH_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerror(ERR_R_DH_LIB); goto err; } if (!CBS_get_u16_length_prefixed(&cbs, &dhp)) goto truncated; if ((dh->p = BN_bin2bn(CBS_data(&dhp), CBS_len(&dhp), NULL)) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerror(ERR_R_BN_LIB); goto err; } if (!CBS_get_u16_length_prefixed(&cbs, &dhg)) goto truncated; if ((dh->g = BN_bin2bn(CBS_data(&dhg), CBS_len(&dhg), NULL)) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerror(ERR_R_BN_LIB); goto err; } @@ -1172,7 +1172,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn) goto truncated; if ((dh->pub_key = BN_bin2bn(CBS_data(&dhpk), CBS_len(&dhpk), NULL)) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerror(ERR_R_BN_LIB); goto err; } @@ -1181,7 +1181,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn) * Discard keys weaker than 1024 bits. */ if (DH_size(dh) < 1024 / 8) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH); + SSLerror(SSL_R_BAD_DH_P_LENGTH); goto err; } @@ -1202,7 +1202,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn) truncated: al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); + SSLerror(SSL_R_BAD_PACKET_LENGTH); ssl3_send_alert(s, SSL3_AL_FATAL, al); err: @@ -1227,16 +1227,16 @@ ssl3_get_server_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, int nid, CBS *public) */ if ((ecdh = EC_KEY_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); goto err; } if ((ngroup = EC_GROUP_new_by_curve_name(nid)) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); + SSLerror(ERR_R_EC_LIB); goto err; } if (EC_KEY_set_group(ecdh, ngroup) == 0) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); + SSLerror(ERR_R_EC_LIB); goto err; } @@ -1244,13 +1244,13 @@ ssl3_get_server_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, int nid, CBS *public) if ((point = EC_POINT_new(group)) == NULL || (bn_ctx = BN_CTX_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); goto err; } if (EC_POINT_oct2point(group, point, CBS_data(public), CBS_len(public), bn_ctx) == 0) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); + SSLerror(SSL_R_BAD_ECPOINT); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); goto err; } @@ -1276,18 +1276,18 @@ ssl3_get_server_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, int nid, CBS *public) size_t outlen; if (nid != NID_X25519) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); goto err; } if (CBS_len(public) != X25519_KEY_LENGTH) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); + SSLerror(SSL_R_BAD_ECPOINT); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); goto err; } if (!CBS_stow(public, &sc->peer_x25519_tmp, &outlen)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); goto err; } @@ -1321,7 +1321,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn) curve_type != NAMED_CURVE_TYPE || !CBS_get_u16(&cbs, &curve_id)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); + SSLerror(SSL_R_LENGTH_TOO_SHORT); goto f_err; } @@ -1331,13 +1331,13 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn) */ if (tls1_check_curve(s, curve_id) != 1) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE); + SSLerror(SSL_R_WRONG_CURVE); goto f_err; } if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSLerror( SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); goto f_err; } @@ -1373,7 +1373,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn) truncated: al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); + SSLerror(SSL_R_BAD_PACKET_LENGTH); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1414,7 +1414,7 @@ ssl3_get_server_key_exchange(SSL *s) * ephemeral keys. */ if (alg_k & (SSL_kDHE|SSL_kECDHE)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSLerror( SSL_R_UNEXPECTED_MESSAGE); al = SSL_AD_UNEXPECTED_MESSAGE; goto f_err; @@ -1451,7 +1451,7 @@ ssl3_get_server_key_exchange(SSL *s) goto err; } else if (alg_k != 0) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + SSLerror(SSL_R_UNEXPECTED_MESSAGE); goto f_err; } @@ -1463,7 +1463,7 @@ ssl3_get_server_key_exchange(SSL *s) int sigalg = tls12_get_sigid(pkey); /* Should never happen */ if (sigalg == -1) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -1474,14 +1474,14 @@ ssl3_get_server_key_exchange(SSL *s) if (2 > n) goto truncated; if (sigalg != (int)p[1]) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSLerror( SSL_R_WRONG_SIGNATURE_TYPE); al = SSL_AD_DECODE_ERROR; goto f_err; } md = tls12_get_hash(p[0]); if (md == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSLerror( SSL_R_UNKNOWN_DIGEST); al = SSL_AD_DECODE_ERROR; goto f_err; @@ -1500,7 +1500,7 @@ ssl3_get_server_key_exchange(SSL *s) if (i != n || n > j) { /* wrong packet length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSLerror( SSL_R_WRONG_SIGNATURE_LENGTH); goto f_err; } @@ -1533,14 +1533,14 @@ ssl3_get_server_key_exchange(SSL *s) p, n, pkey->pkey.rsa); if (i < 0) { al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSLerror( SSL_R_BAD_RSA_DECRYPT); goto f_err; } if (i == 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSLerror( SSL_R_BAD_SIGNATURE); goto f_err; } @@ -1554,7 +1554,7 @@ ssl3_get_server_key_exchange(SSL *s) if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSLerror( SSL_R_BAD_SIGNATURE); goto f_err; } @@ -1562,14 +1562,14 @@ ssl3_get_server_key_exchange(SSL *s) } else { /* aNULL does not need public keys. */ if (!(alg_a & SSL_aNULL)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } /* still data left over */ if (n != 0) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSLerror( SSL_R_EXTRA_DATA_IN_MESSAGE); goto f_err; } @@ -1583,7 +1583,7 @@ ssl3_get_server_key_exchange(SSL *s) truncated: /* wrong packet length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); + SSLerror(SSL_R_BAD_PACKET_LENGTH); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1630,7 +1630,7 @@ ssl3_get_certificate_request(SSL *s) if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_WRONG_MESSAGE_TYPE); goto err; } @@ -1638,7 +1638,7 @@ ssl3_get_certificate_request(SSL *s) /* TLS does not like anon-DH with client cert */ if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); goto err; } @@ -1648,7 +1648,7 @@ ssl3_get_certificate_request(SSL *s) CBS_init(&cert_request, s->internal->init_msg, n); if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -1662,7 +1662,7 @@ ssl3_get_certificate_request(SSL *s) if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) || !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype, sizeof(S3I(s)->tmp.ctype), NULL)) { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_DATA_LENGTH_TOO_LONG); goto err; } @@ -1671,7 +1671,7 @@ ssl3_get_certificate_request(SSL *s) CBS sigalgs; if (CBS_len(&cert_request) < 2) { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_DATA_LENGTH_TOO_LONG); goto err; } @@ -1681,7 +1681,7 @@ ssl3_get_certificate_request(SSL *s) */ if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_DATA_LENGTH_TOO_LONG); goto err; } @@ -1689,7 +1689,7 @@ ssl3_get_certificate_request(SSL *s) !tls1_process_sigalgs(s, CBS_data(&sigalgs), CBS_len(&sigalgs))) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_SIGNATURE_ALGORITHMS_ERROR); goto err; } @@ -1697,7 +1697,7 @@ ssl3_get_certificate_request(SSL *s) /* get the CA RDNs */ if (CBS_len(&cert_request) < 2) { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_DATA_LENGTH_TOO_LONG); goto err; } @@ -1705,7 +1705,7 @@ ssl3_get_certificate_request(SSL *s) if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) || CBS_len(&cert_request) != 0) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_LENGTH_MISMATCH); goto err; } @@ -1714,14 +1714,14 @@ ssl3_get_certificate_request(SSL *s) CBS rdn; if (CBS_len(&rdn_list) < 2) { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_DATA_LENGTH_TOO_LONG); goto err; } if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_CA_DN_TOO_LONG); goto err; } @@ -1730,19 +1730,19 @@ ssl3_get_certificate_request(SSL *s) if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( ERR_R_ASN1_LIB); goto err; } if (q != CBS_data(&rdn) + CBS_len(&rdn)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_CA_DN_LENGTH_MISMATCH); goto err; } if (!sk_X509_NAME_push(ca_sk, xn)) { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -1759,7 +1759,7 @@ ssl3_get_certificate_request(SSL *s) ret = 1; if (0) { truncated: - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSLerror( SSL_R_BAD_PACKET_LENGTH); } err: @@ -1793,14 +1793,14 @@ ssl3_get_new_session_ticket(SSL *s) } if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + SSLerror( SSL_R_BAD_MESSAGE_TYPE); goto f_err; } if (n < 0) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + SSLerror( SSL_R_LENGTH_MISMATCH); goto f_err; } @@ -1813,7 +1813,7 @@ ssl3_get_new_session_ticket(SSL *s) !CBS_get_u16_length_prefixed(&cbs, &session_ticket) || CBS_len(&cbs) != 0) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + SSLerror( SSL_R_LENGTH_MISMATCH); goto f_err; } @@ -1821,7 +1821,7 @@ ssl3_get_new_session_ticket(SSL *s) if (!CBS_stow(&session_ticket, &s->session->tlsext_tick, &s->session->tlsext_ticklen)) { - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -1872,7 +1872,7 @@ ssl3_get_cert_status(SSL *s) if (n < 0) { /* need at least status type + length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSLerror( SSL_R_LENGTH_MISMATCH); goto f_err; } @@ -1882,14 +1882,14 @@ ssl3_get_cert_status(SSL *s) CBS_len(&cert_status) < 3) { /* need at least status type + length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSLerror( SSL_R_LENGTH_MISMATCH); goto f_err; } if (status_type != TLSEXT_STATUSTYPE_ocsp) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSLerror( SSL_R_UNSUPPORTED_STATUS_TYPE); goto f_err; } @@ -1897,7 +1897,7 @@ ssl3_get_cert_status(SSL *s) if (!CBS_get_u24_length_prefixed(&cert_status, &response) || CBS_len(&cert_status) != 0) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSLerror( SSL_R_LENGTH_MISMATCH); goto f_err; } @@ -1906,7 +1906,7 @@ ssl3_get_cert_status(SSL *s) &stow_len) || stow_len > INT_MAX) { s->internal->tlsext_ocsp_resplen = 0; al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSLerror( ERR_R_MALLOC_FAILURE); goto f_err; } @@ -1918,13 +1918,13 @@ ssl3_get_cert_status(SSL *s) s->ctx->internal->tlsext_status_arg); if (ret == 0) { al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSLerror( SSL_R_INVALID_STATUS_RESPONSE); goto f_err; } if (ret < 0) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSLerror( ERR_R_MALLOC_FAILURE); goto f_err; } @@ -1950,7 +1950,7 @@ ssl3_get_server_done(SSL *s) if (n > 0) { /* should contain no data */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); + SSLerror(SSL_R_LENGTH_MISMATCH); return (-1); } ret = 1; @@ -1974,7 +1974,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb) pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); if (pkey == NULL || pkey->type != EVP_PKEY_RSA || pkey->pkey.rsa == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -1984,7 +1984,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb) arc4random_buf(&pms[2], sizeof(pms) - 2); if ((enc_pms = malloc(RSA_size(pkey->pkey.rsa))) == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -1992,7 +1992,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb) enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, pkey->pkey.rsa, RSA_PKCS1_PADDING); if (enc_len <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( SSL_R_BAD_RSA_ENCRYPT); goto err; } @@ -2031,7 +2031,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb) /* Ensure that we have an ephemeral key for DHE. */ if (sess_cert->peer_dh_tmp == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); goto err; } @@ -2039,22 +2039,22 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb) /* Generate a new random key. */ if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerror(ERR_R_DH_LIB); goto err; } if (!DH_generate_key(dh_clnt)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerror(ERR_R_DH_LIB); goto err; } key_size = DH_size(dh_clnt); if ((key = malloc(key_size)) == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt); if (key_len <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerror(ERR_R_DH_LIB); goto err; } @@ -2098,38 +2098,38 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb) if ((group = EC_KEY_get0_group(sc->peer_ecdh_tmp)) == NULL || (point = EC_KEY_get0_public_key(sc->peer_ecdh_tmp)) == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } if ((ecdh = EC_KEY_new()) == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } if (!EC_KEY_set_group(ecdh, group)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); + SSLerror(ERR_R_EC_LIB); goto err; } /* Generate a new ECDH key pair. */ if (!(EC_KEY_generate_key(ecdh))) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); + SSLerror(ERR_R_ECDH_LIB); goto err; } if ((key_size = ECDH_size(ecdh)) <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); + SSLerror(ERR_R_ECDH_LIB); goto err; } if ((key = malloc(key_size)) == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_MALLOC_FAILURE); } key_len = ECDH_compute_key(key, key_size, point, ecdh, NULL); if (key_len <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); + SSLerror(ERR_R_ECDH_LIB); goto err; } @@ -2141,12 +2141,12 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb) encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh), POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL); if (encoded_len == 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); + SSLerror(ERR_R_ECDH_LIB); goto err; } if ((bn_ctx = BN_CTX_new()) == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -2233,7 +2233,7 @@ ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sc, CBB *cbb) goto err; } else { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -2261,7 +2261,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) /* Get server sertificate PKEY and create ctx from it */ peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509; if (peer_cert == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); goto err; } @@ -2298,7 +2298,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) */ ukm_hash = EVP_MD_CTX_create(); if (ukm_hash == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -2315,7 +2315,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) EVP_MD_CTX_destroy(ukm_hash); if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); + SSLerror(SSL_R_LIBRARY_BUG); goto err; } @@ -2325,7 +2325,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) msglen = 255; if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32) < 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); + SSLerror(SSL_R_LIBRARY_BUG); goto err; } @@ -2371,7 +2371,7 @@ ssl3_send_client_key_exchange(SSL *s) if ((sess_cert = SSI(s)->sess_cert) == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -2395,7 +2395,7 @@ ssl3_send_client_key_exchange(SSL *s) } else { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -2458,7 +2458,7 @@ ssl3_send_client_verify(SSL *s) &hdata); if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -2466,7 +2466,7 @@ ssl3_send_client_verify(SSL *s) if (!EVP_SignInit_ex(&mctx, md, NULL) || !EVP_SignUpdate(&mctx, hdata, hdatalen) || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + SSLerror( ERR_R_EVP_LIB); goto err; } @@ -2480,7 +2480,7 @@ ssl3_send_client_verify(SSL *s) if (RSA_sign(NID_md5_sha1, data, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + SSLerror( ERR_R_RSA_LIB); goto err; } @@ -2491,7 +2491,7 @@ ssl3_send_client_verify(SSL *s) &(data[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH, &(p[2]), (unsigned int *)&j, pkey->pkey.dsa)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + SSLerror( ERR_R_DSA_LIB); goto err; } @@ -2502,7 +2502,7 @@ ssl3_send_client_verify(SSL *s) &(data[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH, &(p[2]), (unsigned int *)&j, pkey->pkey.ec)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + SSLerror( ERR_R_ECDSA_LIB); goto err; } @@ -2520,13 +2520,13 @@ ssl3_send_client_verify(SSL *s) hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); if (hdatalen <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || !(md = EVP_get_digestbynid(nid))) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + SSLerror( ERR_R_EVP_LIB); goto err; } @@ -2540,7 +2540,7 @@ ssl3_send_client_verify(SSL *s) NULL) <= 0) || (EVP_PKEY_sign(pctx, &(p[2]), &sigsize, signbuf, u) <= 0)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + SSLerror( ERR_R_EVP_LIB); goto err; } @@ -2551,7 +2551,7 @@ ssl3_send_client_verify(SSL *s) n = j + 2; #endif } else { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -2610,7 +2610,7 @@ ssl3_send_client_certificate(SSL *s) i = 0; } else if (i == 1) { i = 0; - SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, + SSLerror( SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); } @@ -2665,7 +2665,7 @@ ssl3_check_cert_and_algorithm(SSL *s) sc = SSI(s)->sess_cert; if (sc == NULL) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -2678,7 +2678,7 @@ ssl3_check_cert_and_algorithm(SSL *s) if (ssl_check_srvr_ecc_cert_and_alg( sc->peer_pkeys[idx].x509, s) == 0) { /* check failed */ - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSLerror( SSL_R_BAD_ECC_CERT); goto f_err; } else { @@ -2691,24 +2691,24 @@ ssl3_check_cert_and_algorithm(SSL *s) /* Check that we have a certificate if we require one. */ if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSLerror( SSL_R_MISSING_RSA_SIGNING_CERT); goto f_err; } else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSLerror( SSL_R_MISSING_DSA_SIGNING_CERT); goto f_err; } if ((alg_k & SSL_kRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSLerror( SSL_R_MISSING_RSA_ENCRYPTING_CERT); goto f_err; } if ((alg_k & SSL_kDHE) && !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSLerror( SSL_R_MISSING_DH_KEY); goto f_err; } diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index 967811f1fe..525ba2146b 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_err.c,v 1.31 2017/01/26 09:16:01 jsing Exp $ */ +/* $OpenBSD: ssl_err.c,v 1.32 2017/01/26 10:40:21 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -70,227 +70,7 @@ #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) static ERR_STRING_DATA SSL_str_functs[]= { - {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, - {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, - {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, - {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, - {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, - {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, - {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, - {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, - {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, - {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, - {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, - {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, - {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, - {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, - {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, - {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, - {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, - {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, - {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, - {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, - {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, - {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, - {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, - {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, - {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, - {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, - {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, - {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, - {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, - {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, - {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, - {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, - {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, - {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, - {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, - {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, - {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, - {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, - {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, - {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, - {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, - {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, - {ERR_FUNC(SSL_F_READ_N), "READ_N"}, - {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, - {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, - {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, - {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, - {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, - {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, - {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, - {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, - {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, - {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, - {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, - {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, - {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, - {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, - {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, - {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, - {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, - {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, - {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, - {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, - {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, - {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, - {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, - {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, - {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, - {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, - {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, - {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, - {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, - {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, - {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, - {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, - {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, - {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, - {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, - {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, - {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, - {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, - {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, - {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, - {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, - {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, - {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, - {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, - {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, - {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, - {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, - {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, - {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, - {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, - {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, - {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, - {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, - {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, - {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, - {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, - {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, - {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, - {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, - {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, - {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, - {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, - {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, - {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, - {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, - {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, - {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, - {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, - {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, - {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, - {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, - {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, - {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, - {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, - {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, - {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, - {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, - {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, - {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, - {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, - {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, - {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, - {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, - {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, - {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, - {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, - {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, - {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, - {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, - {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, - {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, - {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, - {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, - {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, - {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, - {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, - {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, - {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, - {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, - {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, - {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, - {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, - {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, - {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, - {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, - {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, - {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, - {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, - {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, - {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, - {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, - {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, - {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, - {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, - {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, - {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, - {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, - {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, - {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, - {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, - {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, - {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, - {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, - {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, - {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, - {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, - {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, - {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, - {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, - {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, - {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, - {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, - {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, - {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, - {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, - {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, - {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, - {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, - {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, - {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, - {ERR_FUNC(SSL_F_TLS1_AEAD_CTX_INIT), "TLS1_AEAD_CTX_INIT"}, - {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, - {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, - {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD), "TLS1_CHANGE_CIPHER_STATE_AEAD"}, - {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER), "TLS1_CHANGE_CIPHER_STATE_CIPHER"}, - {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, - {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, - {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, - {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, - {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, - {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, + {ERR_FUNC(0xfff), "SSL_internal"}, {0, NULL} }; diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 6d5d5c468b..605fc428ad 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.153 2017/01/26 06:32:58 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.154 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -163,7 +163,7 @@ int SSL_clear(SSL *s) { if (s->method == NULL) { - SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); + SSLerror(SSL_R_NO_METHOD_SPECIFIED); return (0); } @@ -177,7 +177,7 @@ SSL_clear(SSL *s) s->internal->shutdown = 0; if (s->internal->renegotiate) { - SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return (0); } @@ -226,7 +226,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), &(ctx->internal->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { - SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, + SSLerror( SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return (0); } @@ -239,21 +239,21 @@ SSL_new(SSL_CTX *ctx) SSL *s; if (ctx == NULL) { - SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); + SSLerror(SSL_R_NULL_SSL_CTX); return (NULL); } if (ctx->method == NULL) { - SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); + SSLerror(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); return (NULL); } if ((s = calloc(1, sizeof(*s))) == NULL) { - SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (NULL); } if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) { free(s); - SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (NULL); } @@ -372,7 +372,7 @@ SSL_new(SSL_CTX *ctx) err: SSL_free(s); - SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (NULL); } @@ -381,7 +381,7 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { if (sid_ctx_len > sizeof ctx->sid_ctx) { - SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, + SSLerror( SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return (0); } @@ -396,7 +396,7 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { - SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, + SSLerror( SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return (0); } @@ -634,7 +634,7 @@ SSL_set_fd(SSL *s, int fd) bio = BIO_new(BIO_s_socket()); if (bio == NULL) { - SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio, fd, BIO_NOCLOSE); @@ -655,7 +655,7 @@ SSL_set_wfd(SSL *s, int fd) bio = BIO_new(BIO_s_socket()); if (bio == NULL) { - SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio, fd, BIO_NOCLOSE); @@ -678,7 +678,7 @@ SSL_set_rfd(SSL *s, int fd) bio = BIO_new(BIO_s_socket()); if (bio == NULL) { - SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio, fd, BIO_NOCLOSE); @@ -873,12 +873,12 @@ SSL_CTX_check_private_key(const SSL_CTX *ctx) { if ((ctx == NULL) || (ctx->internal->cert == NULL) || (ctx->internal->cert->key->x509 == NULL)) { - SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, + SSLerror( SSL_R_NO_CERTIFICATE_ASSIGNED); return (0); } if (ctx->internal->cert->key->privatekey == NULL) { - SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, + SSLerror( SSL_R_NO_PRIVATE_KEY_ASSIGNED); return (0); } @@ -891,22 +891,22 @@ int SSL_check_private_key(const SSL *ssl) { if (ssl == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + SSLerror( ERR_R_PASSED_NULL_PARAMETER); return (0); } if (ssl->cert == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + SSLerror( SSL_R_NO_CERTIFICATE_ASSIGNED); return (0); } if (ssl->cert->key->x509 == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + SSLerror( SSL_R_NO_CERTIFICATE_ASSIGNED); return (0); } if (ssl->cert->key->privatekey == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + SSLerror( SSL_R_NO_PRIVATE_KEY_ASSIGNED); return (0); } @@ -942,7 +942,7 @@ int SSL_read(SSL *s, void *buf, int num) { if (s->internal->handshake_func == NULL) { - SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); + SSLerror(SSL_R_UNINITIALIZED); return (-1); } @@ -957,7 +957,7 @@ int SSL_peek(SSL *s, void *buf, int num) { if (s->internal->handshake_func == NULL) { - SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); + SSLerror(SSL_R_UNINITIALIZED); return (-1); } @@ -971,13 +971,13 @@ int SSL_write(SSL *s, const void *buf, int num) { if (s->internal->handshake_func == NULL) { - SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); + SSLerror(SSL_R_UNINITIALIZED); return (-1); } if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { s->internal->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); + SSLerror(SSL_R_PROTOCOL_IS_SHUTDOWN); return (-1); } return (s->method->internal->ssl_write(s, buf, num)); @@ -994,7 +994,7 @@ SSL_shutdown(SSL *s) */ if (s->internal->handshake_func == NULL) { - SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); + SSLerror(SSL_R_UNINITIALIZED); return (-1); } @@ -1306,7 +1306,7 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) if (sk == NULL) return (0); else if (sk_SSL_CIPHER_num(sk) == 0) { - SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); + SSLerror(SSL_R_NO_CIPHER_MATCH); return (0); } return (1); @@ -1324,7 +1324,7 @@ SSL_set_cipher_list(SSL *s, const char *str) if (sk == NULL) return (0); else if (sk_SSL_CIPHER_num(sk) == 0) { - SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); + SSLerror(SSL_R_NO_CIPHER_MATCH); return (0); } return (1); @@ -1428,20 +1428,20 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num) * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2]. */ if (num < 2 || num > 0x10000 - 2) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSLerror( SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); } if ((sk = sk_SSL_CIPHER_new_null()) == NULL) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); goto err; } CBS_init(&cbs, p, num); while (CBS_len(&cbs) > 0) { if (!CBS_get_u16(&cbs, &cipher_value)) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSLerror( SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); goto err; } @@ -1454,7 +1454,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num) * renegotiating. */ if (s->internal->renegotiate) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSLerror( SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); @@ -1474,7 +1474,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num) */ max_version = ssl_max_server_version(s); if (max_version == 0 || s->version < max_version) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSLerror( SSL_R_INAPPROPRIATE_FALLBACK); if (s->s3 != NULL) ssl3_send_alert(s, SSL3_AL_FATAL, @@ -1486,7 +1486,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num) if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) { if (!sk_SSL_CIPHER_push(sk, c)) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -1797,22 +1797,22 @@ SSL_CTX_new(const SSL_METHOD *meth) SSL_CTX *ret; if (meth == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); + SSLerror(SSL_R_NULL_SSL_METHOD_PASSED); return (NULL); } if ((ret = calloc(1, sizeof(*ret))) == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (NULL); } if ((ret->internal = calloc(1, sizeof(*ret->internal))) == NULL) { free(ret); - SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (NULL); } if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { - SSLerr(SSL_F_SSL_CTX_NEW, + SSLerror( SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; } @@ -1872,7 +1872,7 @@ SSL_CTX_new(const SSL_METHOD *meth) &ret->internal->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); + SSLerror(SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; } @@ -1881,12 +1881,12 @@ SSL_CTX_new(const SSL_METHOD *meth) goto err; if ((ret->internal->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, + SSLerror( SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); goto err2; } if ((ret->internal->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, + SSLerror( SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); goto err2; } @@ -1942,7 +1942,7 @@ SSL_CTX_new(const SSL_METHOD *meth) return (ret); err: - SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); err2: SSL_CTX_free(ret); return (NULL); @@ -2126,7 +2126,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) /* Key usage, if present, must allow signing. */ if ((x->ex_flags & EXFLAG_KUSAGE) && ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, + SSLerror( SSL_R_ECC_CERT_NOT_FOR_SIGNING); return (0); } @@ -2159,7 +2159,7 @@ ssl_get_server_send_pkey(const SSL *s) } else if (alg_a & SSL_aGOST01) { i = SSL_PKEY_GOST01; } else { /* if (alg_a & SSL_aNULL) */ - SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return (NULL); } @@ -2199,7 +2199,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) idx = SSL_PKEY_ECC; if (idx == -1) { - SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return (NULL); } if (pmd) @@ -2403,7 +2403,7 @@ SSL_do_handshake(SSL *s) int ret = 1; if (s->internal->handshake_func == NULL) { - SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); + SSLerror(SSL_R_CONNECTION_TYPE_NOT_SET); return (-1); } @@ -2448,7 +2448,7 @@ SSL_set_connect_state(SSL *s) int ssl_undefined_function(SSL *s) { - SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, + SSLerror( ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } @@ -2456,7 +2456,7 @@ ssl_undefined_function(SSL *s) int ssl_undefined_void_function(void) { - SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, + SSLerror( ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } @@ -2464,7 +2464,7 @@ ssl_undefined_void_function(void) int ssl_undefined_const_function(const SSL *s) { - SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, + SSLerror( ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } @@ -2700,7 +2700,7 @@ ssl_init_wbio_buffer(SSL *s, int push) (void)BIO_reset(bbio); /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ if (!BIO_set_read_buffer_size(bbio, 1)) { - SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); return (0); } if (push) { diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 215d4ad0b0..1ce9350ba6 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.171 2017/01/26 07:20:57 beck Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.172 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1368,6 +1368,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, unsigned mac_secret_length); +#define SSLerror(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),__FILE__,__LINE__) + __END_HIDDEN_DECLS #endif diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c index 0c5b4c463b..a8462ffd84 100644 --- a/src/lib/libssl/ssl_packet.c +++ b/src/lib/libssl/ssl_packet.c @@ -106,12 +106,12 @@ ssl_convert_sslv2_client_hello(SSL *s) return -1; if (record_length < 9) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, + SSLerror( SSL_R_RECORD_LENGTH_MISMATCH); return -1; } if (record_length > 4096) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE); + SSLerror(SSL_R_RECORD_TOO_LARGE); return -1; } @@ -150,7 +150,7 @@ ssl_convert_sslv2_client_hello(SSL *s) if (!CBS_get_bytes(&cbs, &challenge, challenge_length)) return -1; if (CBS_len(&cbs) != 0) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, + SSLerror( SSL_R_RECORD_LENGTH_MISMATCH); return -1; } @@ -236,7 +236,7 @@ ssl_server_legacy_first_packet(SSL *s) if (ssl_is_sslv2_client_hello(&header) == 1) { /* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */ if (ssl_enabled_version_range(s, &min_version, NULL) != 1) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, + SSLerror( SSL_R_NO_PROTOCOLS_AVAILABLE); return -1; } @@ -244,7 +244,7 @@ ssl_server_legacy_first_packet(SSL *s) return 1; if (ssl_convert_sslv2_client_hello(s) != 1) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, + SSLerror( SSL_R_BAD_PACKET_LENGTH); return -1; } @@ -254,7 +254,7 @@ ssl_server_legacy_first_packet(SSL *s) /* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. */ if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } data = (const char *)CBS_data(&header); @@ -264,15 +264,15 @@ ssl_server_legacy_first_packet(SSL *s) strncmp("POST ", data, 5) == 0 || strncmp("HEAD ", data, 5) == 0 || strncmp("PUT ", data, 4) == 0) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST); + SSLerror(SSL_R_HTTP_REQUEST); return -1; } if (strncmp("CONNE", data, 5) == 0) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST); + SSLerror(SSL_R_HTTPS_PROXY_REQUEST); return -1; } - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); + SSLerror(SSL_R_UNKNOWN_PROTOCOL); return -1; } diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 2fa7852b80..f354fb82bf 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.5 2017/01/26 08:19:43 beck Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.6 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -224,7 +224,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) if (n > (int)(rb->len - rb->offset)) { /* does not happen */ - SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } @@ -248,7 +248,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) s->internal->rwstate = SSL_READING; i = BIO_read(s->rbio, pkt + len + left, max - left); } else { - SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET); + SSLerror(SSL_R_READ_BIO_NOT_SET); i = -1; } @@ -364,7 +364,7 @@ ssl3_get_record(SSL *s) if (!CBS_get_u8(&header, &type) || !CBS_get_u16(&header, &ssl_version) || !CBS_get_u16(&header, &len)) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_BAD_PACKET_LENGTH); goto err; } @@ -374,7 +374,7 @@ ssl3_get_record(SSL *s) /* Lets check version */ if (!s->internal->first_packet && ssl_version != s->version) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && !s->internal->enc_write_ctx && !s->internal->write_hash) @@ -385,14 +385,14 @@ ssl3_get_record(SSL *s) } if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_WRONG_VERSION_NUMBER); goto err; } if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_PACKET_LENGTH_TOO_LONG); goto f_err; } @@ -428,7 +428,7 @@ ssl3_get_record(SSL *s) /* check is not needed I believe */ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + SSLerror(SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; } @@ -442,7 +442,7 @@ ssl3_get_record(SSL *s) * -1: if the padding is invalid */ if (enc_err == 0) { al = SSL_AD_DECRYPTION_FAILED; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + SSLerror(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); goto f_err; } @@ -470,7 +470,7 @@ ssl3_get_record(SSL *s) (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && orig_len < mac_size + 1)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); + SSLerror(SSL_R_LENGTH_TOO_SHORT); goto f_err; } @@ -510,14 +510,14 @@ ssl3_get_record(SSL *s) * (e.g. via a logfile) */ al = SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); goto f_err; } if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); + SSLerror(SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } @@ -543,7 +543,7 @@ ssl3_get_record(SSL *s) * empty record without forcing want_read. */ if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_PEER_BEHAVING_BADLY); return -1; } @@ -575,7 +575,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) int i; if (len < 0) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } @@ -588,7 +588,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return -1; } @@ -698,7 +698,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (prefix_len > (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { /* insufficient space */ - SSLerr(SSL_F_DO_SSL3_WRITE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -842,7 +842,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) && !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || (S3I(s)->wpend_type != type)) { - SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); + SSLerror(SSL_R_BAD_WRITE_RETRY); return (-1); } @@ -854,7 +854,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) (char *)&(wb->buf[wb->offset]), (unsigned int)wb->left); } else { - SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); + SSLerror(SSL_R_BIO_NOT_SET); i = -1; } if (i == wb->left) { @@ -919,14 +919,14 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) return (-1); if (len < 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } if ((type && type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } @@ -961,7 +961,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1004,7 +1004,7 @@ start: * reset by ssl3_get_finished */ && (rr->type != SSL3_RT_HANDSHAKE)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); goto f_err; } @@ -1025,7 +1025,7 @@ start: if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_APP_DATA_IN_HANDSHAKE); goto f_err; } @@ -1108,7 +1108,7 @@ start: (S3I(s)->handshake_fragment[2] != 0) || (S3I(s)->handshake_fragment[3] != 0)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); + SSLerror(SSL_R_BAD_HELLO_REQUEST); goto f_err; } @@ -1126,7 +1126,7 @@ start: if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1200,14 +1200,14 @@ start: */ else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_NO_RENEGOTIATION); goto f_err; } } else if (alert_level == SSL3_AL_FATAL) { s->internal->rwstate = SSL_NOTHING; S3I(s)->fatal_alert = alert_descr; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_AD_REASON_OFFSET + alert_descr); ERR_asprintf_error_data("SSL alert number %d", alert_descr); @@ -1216,7 +1216,7 @@ start: return (0); } else { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); + SSLerror(SSL_R_UNKNOWN_ALERT_TYPE); goto f_err; } @@ -1236,7 +1236,7 @@ start: if ((rr->length != 1) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_BAD_CHANGE_CIPHER_SPEC); goto f_err; } @@ -1244,7 +1244,7 @@ start: /* Check we have a cipher to change to */ if (S3I(s)->tmp.new_cipher == NULL) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_CCS_RECEIVED_EARLY); goto f_err; } @@ -1252,7 +1252,7 @@ start: /* Check that we should be receiving a Change Cipher Spec. */ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_CCS_RECEIVED_EARLY); goto f_err; } @@ -1285,7 +1285,7 @@ start: if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1315,7 +1315,7 @@ start: goto start; } al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); + SSLerror(SSL_R_UNEXPECTED_RECORD); goto f_err; case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_ALERT: @@ -1324,7 +1324,7 @@ start: * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that * should not happen when type != rr->type */ al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); goto f_err; case SSL3_RT_APPLICATION_DATA: /* At this point, we were expecting handshake data, @@ -1346,7 +1346,7 @@ start: return (-1); } else { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); + SSLerror(SSL_R_UNEXPECTED_RECORD); goto f_err; } } @@ -1373,7 +1373,7 @@ ssl3_do_change_cipher_spec(SSL *s) if (S3I(s)->tmp.key_block == NULL) { if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ - SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, + SSLerror( SSL_R_CCS_RECEIVED_EARLY); return (0); } @@ -1400,7 +1400,7 @@ ssl3_do_change_cipher_spec(SSL *s) i = tls1_final_finish_mac(s, sender, slen, S3I(s)->tmp.peer_finish_md); if (i == 0) { - SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return 0; } S3I(s)->tmp.peer_finish_md_len = i; diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 03eedc0d8a..3efed227f0 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_rsa.c,v 1.25 2017/01/24 14:57:31 jsing Exp $ */ +/* $OpenBSD: ssl_rsa.c,v 1.26 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,11 +74,11 @@ int SSL_use_certificate(SSL *ssl, X509 *x) { if (x == NULL) { - SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); + SSLerror(ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ssl->cert)) { - SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (0); } return (ssl_set_cert(ssl->cert, x)); @@ -94,12 +94,12 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); + SSLerror(ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { @@ -111,12 +111,12 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type) ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); } else { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); + SSLerror(SSL_R_BAD_SSL_FILETYPE); goto end; } if (x == NULL) { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); + SSLerror(j); goto end; } @@ -135,7 +135,7 @@ SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) x = d2i_X509(NULL, &d,(long)len); if (x == NULL) { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); + SSLerror(ERR_R_ASN1_LIB); return (0); } @@ -151,15 +151,15 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) int ret; if (rsa == NULL) { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); + SSLerror(ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ssl->cert)) { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (0); } if ((pkey = EVP_PKEY_new()) == NULL) { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); + SSLerror(ERR_R_EVP_LIB); return (0); } @@ -178,7 +178,7 @@ ssl_set_pkey(CERT *c, EVP_PKEY *pkey) i = ssl_cert_type(NULL, pkey); if (i < 0) { - SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); + SSLerror(SSL_R_UNKNOWN_CERTIFICATE_TYPE); return (0); } @@ -222,12 +222,12 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); + SSLerror(ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { @@ -239,11 +239,11 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); } else { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); + SSLerror(SSL_R_BAD_SSL_FILETYPE); goto end; } if (rsa == NULL) { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j); + SSLerror(j); goto end; } ret = SSL_use_RSAPrivateKey(ssl, rsa); @@ -262,7 +262,7 @@ SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) p = d; if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); + SSLerror(ERR_R_ASN1_LIB); return (0); } @@ -277,11 +277,11 @@ SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) int ret; if (pkey == NULL) { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); + SSLerror(ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ssl->cert)) { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (0); } ret = ssl_set_pkey(ssl->cert, pkey); @@ -297,12 +297,12 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); + SSLerror(ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_PEM) { @@ -314,11 +314,11 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_bio(in, NULL); } else { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); + SSLerror(SSL_R_BAD_SSL_FILETYPE); goto end; } if (pkey == NULL) { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j); + SSLerror(j); goto end; } ret = SSL_use_PrivateKey(ssl, pkey); @@ -337,7 +337,7 @@ SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) p = d; if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); + SSLerror(ERR_R_ASN1_LIB); return (0); } @@ -350,11 +350,11 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) { if (x == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); + SSLerror(ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ctx->internal->cert)) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (0); } return (ssl_set_cert(ctx->internal->cert, x)); @@ -368,13 +368,13 @@ ssl_set_cert(CERT *c, X509 *x) pkey = X509_get_pubkey(x); if (pkey == NULL) { - SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB); + SSLerror(SSL_R_X509_LIB); return (0); } i = ssl_cert_type(x, pkey); if (i < 0) { - SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); + SSLerror(SSL_R_UNKNOWN_CERTIFICATE_TYPE); EVP_PKEY_free(pkey); return (0); } @@ -427,12 +427,12 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); + SSLerror(ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { @@ -443,12 +443,12 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); } else { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); + SSLerror(SSL_R_BAD_SSL_FILETYPE); goto end; } if (x == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); + SSLerror(j); goto end; } @@ -467,7 +467,7 @@ SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) x = d2i_X509(NULL, &d,(long)len); if (x == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); + SSLerror(ERR_R_ASN1_LIB); return (0); } @@ -483,15 +483,15 @@ SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) EVP_PKEY *pkey; if (rsa == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); + SSLerror(ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ctx->internal->cert)) { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (0); } if ((pkey = EVP_PKEY_new()) == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); + SSLerror(ERR_R_EVP_LIB); return (0); } @@ -512,12 +512,12 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); + SSLerror(ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { @@ -529,11 +529,11 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); } else { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); + SSLerror(SSL_R_BAD_SSL_FILETYPE); goto end; } if (rsa == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j); + SSLerror(j); goto end; } ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); @@ -552,7 +552,7 @@ SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) p = d; if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); + SSLerror(ERR_R_ASN1_LIB); return (0); } @@ -565,12 +565,12 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { if (pkey == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, + SSLerror( ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ctx->internal->cert)) { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (0); } return (ssl_set_pkey(ctx->internal->cert, pkey)); @@ -585,12 +585,12 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); + SSLerror(ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_PEM) { @@ -602,12 +602,12 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_bio(in, NULL); } else { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, + SSLerror( SSL_R_BAD_SSL_FILETYPE); goto end; } if (pkey == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); + SSLerror(j); goto end; } ret = SSL_CTX_use_PrivateKey(ctx, pkey); @@ -627,7 +627,7 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, p = d; if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); + SSLerror(ERR_R_ASN1_LIB); return (0); } @@ -653,7 +653,7 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); if (x == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); + SSLerror(ERR_R_PEM_LIB); goto end; } @@ -713,12 +713,12 @@ SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); + SSLerror(ERR_R_SYS_LIB); goto end; } @@ -737,7 +737,7 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) in = BIO_new_mem_buf(buf, len); if (in == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto end; } diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 8c802b170e..5cd531ef59 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.67 2017/01/24 09:03:21 jsing Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.68 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -200,12 +200,12 @@ SSL_SESSION_new(void) SSL_SESSION *ss; if ((ss = calloc(1, sizeof(*ss))) == NULL) { - SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (NULL); } if ((ss->internal = calloc(1, sizeof(*ss->internal))) == NULL) { free(ss); - SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (NULL); } @@ -312,7 +312,7 @@ ssl_get_new_session(SSL *s, int session) ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; break; default: - SSLerr(SSL_F_SSL_GET_NEW_SESSION, + SSLerror( SSL_R_UNSUPPORTED_SSL_VERSION); SSL_SESSION_free(ss); return (0); @@ -336,7 +336,7 @@ ssl_get_new_session(SSL *s, int session) tmp = ss->session_id_length; if (!cb(s, ss->session_id, &tmp)) { /* The callback failed */ - SSLerr(SSL_F_SSL_GET_NEW_SESSION, + SSLerror( SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); SSL_SESSION_free(ss); return (0); @@ -348,7 +348,7 @@ ssl_get_new_session(SSL *s, int session) */ if (!tmp || (tmp > ss->session_id_length)) { /* The callback set an illegal length */ - SSLerr(SSL_F_SSL_GET_NEW_SESSION, + SSLerror( SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); SSL_SESSION_free(ss); return (0); @@ -358,7 +358,7 @@ ssl_get_new_session(SSL *s, int session) /* Finally, check for a conflict. */ if (SSL_has_matching_session_id(s, ss->session_id, ss->session_id_length)) { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, + SSLerror( SSL_R_SSL_SESSION_ID_CONFLICT); SSL_SESSION_free(ss); return (0); @@ -368,7 +368,7 @@ sess_id_done: if (s->tlsext_hostname) { ss->tlsext_hostname = strdup(s->tlsext_hostname); if (ss->tlsext_hostname == NULL) { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, + SSLerror( ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; @@ -379,7 +379,7 @@ sess_id_done: } if (s->sid_ctx_length > sizeof ss->sid_ctx) { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; } @@ -528,7 +528,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, * applications to effectively disable the session cache by * accident without anyone noticing). */ - SSLerr(SSL_F_SSL_GET_PREV_SESSION, + SSLerror( SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; @@ -729,7 +729,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session) if (meth == NULL) meth = s->method->internal->get_ssl_method(session->ssl_version); if (meth == NULL) { - SSLerr(SSL_F_SSL_SET_SESSION, + SSLerror( SSL_R_UNABLE_TO_FIND_SSL_METHOD); return (0); } @@ -810,7 +810,7 @@ SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { - SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT, + SSLerror( SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; } @@ -872,7 +872,7 @@ SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) s->internal->tlsext_session_ticket = malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); if (!s->internal->tlsext_session_ticket) { - SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, + SSLerror( ERR_R_MALLOC_FAILURE); return 0; } @@ -1080,12 +1080,12 @@ int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) { if (!ENGINE_init(e)) { - SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, + SSLerror( ERR_R_ENGINE_LIB); return 0; } if (!ENGINE_get_ssl_client_cert_function(e)) { - SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, + SSLerror( SSL_R_NO_CLIENT_CERT_METHOD); ENGINE_finish(e); return 0; diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index a716947ab9..46ca4d6c9c 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.2 2017/01/26 06:32:58 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.3 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -189,7 +189,7 @@ ssl3_accept(SSL *s) SSL_clear(s); if (s->cert == NULL) { - SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET); + SSLerror(SSL_R_NO_CERTIFICATE_SET); ret = -1; goto end; } @@ -212,7 +212,7 @@ ssl3_accept(SSL *s) cb(s, SSL_CB_HANDSHAKE_START, 1); if ((s->version >> 8) != 3) { - SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); ret = -1; goto end; } @@ -253,7 +253,7 @@ ssl3_accept(SSL *s) * client that doesn't support secure * renegotiation. */ - SSLerr(SSL_F_SSL3_ACCEPT, + SSLerror( SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); @@ -484,7 +484,7 @@ ssl3_accept(SSL *s) * at this point and digest cached records. */ if (!S3I(s)->handshake_buffer) { - SSLerr(SSL_F_SSL3_ACCEPT, + SSLerror( ERR_R_INTERNAL_ERROR); ret = -1; goto end; @@ -673,7 +673,7 @@ ssl3_accept(SSL *s) /* break; */ default: - SSLerr(SSL_F_SSL3_ACCEPT, + SSLerror( SSL_R_UNKNOWN_STATE); ret = -1; goto end; @@ -765,7 +765,7 @@ ssl3_get_client_hello(SSL *s) p += 2; if (ssl_max_shared_version(s, s->client_version, &shared_version) != 1) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); + SSLerror(SSL_R_WRONG_VERSION_NUMBER); if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && !s->internal->enc_write_ctx && !s->internal->write_hash) { /* @@ -782,7 +782,7 @@ ssl3_get_client_hello(SSL *s) if ((method = tls1_get_server_method(shared_version)) == NULL) method = dtls1_get_server_method(shared_version); if (method == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); goto err; } s->method = method; @@ -868,7 +868,7 @@ ssl3_get_client_hello(SSL *s) if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) { /* too much data */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerror( SSL_R_COOKIE_MISMATCH); goto f_err; } @@ -885,7 +885,7 @@ ssl3_get_client_hello(SSL *s) if (s->ctx->internal->app_verify_cookie_cb(s, D1I(s)->rcvd_cookie, cookie_len) == 0) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerror( SSL_R_COOKIE_MISMATCH); goto f_err; } @@ -894,7 +894,7 @@ ssl3_get_client_hello(SSL *s) D1I(s)->cookie_len) != 0) { /* default verification */ al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerror( SSL_R_COOKIE_MISMATCH); goto f_err; } @@ -911,7 +911,7 @@ ssl3_get_client_hello(SSL *s) if ((i == 0) && (j != 0)) { /* we need a cipher if we are not resuming a session */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerror( SSL_R_NO_CIPHERS_SPECIFIED); goto f_err; } @@ -941,7 +941,7 @@ ssl3_get_client_hello(SSL *s) * list if we are asked to reuse it */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerror( SSL_R_REQUIRED_CIPHER_MISSING); goto f_err; } @@ -962,7 +962,7 @@ ssl3_get_client_hello(SSL *s) if (j >= i) { /* no compress */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerror( SSL_R_NO_COMPRESSION_SPECIFIED); goto f_err; } @@ -970,11 +970,11 @@ ssl3_get_client_hello(SSL *s) /* TLS extensions*/ if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) { /* 'al' set by ssl_parse_clienthello_tlsext */ - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT); + SSLerror(SSL_R_PARSE_TLSEXT); goto f_err; } if (ssl_check_clienthello_tlsext_early(s) <= 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerror( SSL_R_CLIENTHELLO_TLSEXT); goto err; } @@ -1006,7 +1006,7 @@ ssl3_get_client_hello(SSL *s) SSL_get_ciphers(s)); if (pref_cipher == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerror( SSL_R_NO_SHARED_CIPHER); goto f_err; } @@ -1032,7 +1032,7 @@ ssl3_get_client_hello(SSL *s) s->session->ciphers = ciphers; if (ciphers == NULL) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerror( SSL_R_NO_CIPHERS_PASSED); goto f_err; } @@ -1042,7 +1042,7 @@ ssl3_get_client_hello(SSL *s) if (c == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerror( SSL_R_NO_SHARED_CIPHER); goto f_err; } @@ -1074,7 +1074,7 @@ ssl3_get_client_hello(SSL *s) /* Handles TLS extensions that we couldn't check earlier */ if (ssl_check_clienthello_tlsext_late(s) <= 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); + SSLerror(SSL_R_CLIENTHELLO_TLSEXT); goto err; } @@ -1083,7 +1083,7 @@ ssl3_get_client_hello(SSL *s) if (0) { truncated: al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_BAD_PACKET_LENGTH); + SSLerror(SSL_R_BAD_PACKET_LENGTH); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); } @@ -1142,7 +1142,7 @@ ssl3_send_server_hello(SSL *s) sl = s->session->session_id_length; if (sl > (int)sizeof(s->session->session_id)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -1166,7 +1166,7 @@ ssl3_send_server_hello(SSL *s) if ((p = ssl_add_serverhello_tlsext(s, p + outlen, bufend)) == NULL) { - SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -1208,7 +1208,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) if (s->cert->dh_tmp_auto != 0) { if ((dhp = ssl_get_auto_dh(s)) == NULL) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( ERR_R_INTERNAL_ERROR); goto f_err; } @@ -1221,13 +1221,13 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) if (dhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( SSL_R_MISSING_TMP_DH_KEY); goto f_err; } if (S3I(s)->tmp.dh != NULL) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -1235,12 +1235,12 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) if (s->cert->dh_tmp_auto != 0) { dh = dhp; } else if ((dh = DHparams_dup(dhp)) == NULL) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerror(ERR_R_DH_LIB); goto err; } S3I(s)->tmp.dh = dh; if (!DH_generate_key(dh)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerror(ERR_R_DH_LIB); goto err; } @@ -1299,13 +1299,13 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) } if (ecdhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( SSL_R_MISSING_TMP_ECDH_KEY); goto f_err; } if (S3I(s)->tmp.ecdh != NULL) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -1314,7 +1314,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) if (s->cert->ecdh_tmp_auto != 0) { ecdh = ecdhp; } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( ERR_R_ECDH_LIB); goto err; } @@ -1324,7 +1324,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) (EC_KEY_get0_private_key(ecdh) == NULL) || (s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( ERR_R_ECDH_LIB); goto err; } @@ -1333,7 +1333,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) if (((group = EC_KEY_get0_group(ecdh)) == NULL) || (EC_KEY_get0_public_key(ecdh) == NULL) || (EC_KEY_get0_private_key(ecdh) == NULL)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( ERR_R_ECDH_LIB); goto err; } @@ -1344,7 +1344,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) */ if ((curve_id = tls1_ec_nid2curve_id( EC_GROUP_get_curve_name(group))) == 0) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); goto err; } @@ -1360,7 +1360,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) bn_ctx = BN_CTX_new(); if ((encodedPoint == NULL) || (bn_ctx == NULL)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -1369,7 +1369,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) POINT_CONVERSION_UNCOMPRESSED, encodedPoint, encodedlen, bn_ctx); if (encodedlen == 0) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); + SSLerror(ERR_R_ECDH_LIB); goto err; } @@ -1421,7 +1421,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb) /* Generate an X25519 key pair. */ if (S3I(s)->tmp.x25519 != NULL) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -1433,7 +1433,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb) /* Serialize public key. */ if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); goto err; } @@ -1509,7 +1509,7 @@ ssl3_send_server_key_exchange(SSL *s) goto err; } else { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); goto f_err; } @@ -1531,7 +1531,7 @@ ssl3_send_server_key_exchange(SSL *s) if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + params_len + kn)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( ERR_LIB_BUF); goto err; } @@ -1575,9 +1575,7 @@ ssl3_send_server_key_exchange(SSL *s) } if (RSA_sign(NID_md5_sha1, md_buf, j, &(p[2]), &u, pkey->pkey.rsa) <= 0) { - SSLerr( - SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - ERR_LIB_RSA); + SSLerror(ERR_R_RSA_LIB); goto err; } s2n(u, p); @@ -1588,9 +1586,7 @@ ssl3_send_server_key_exchange(SSL *s) if (!tls12_get_sigandhash(p, pkey, md)) { /* Should never happen */ al = SSL_AD_INTERNAL_ERROR; - SSLerr( - SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); goto f_err; } p += 2; @@ -1605,9 +1601,7 @@ ssl3_send_server_key_exchange(SSL *s) EVP_SignUpdate(&md_ctx, d, n); if (!EVP_SignFinal(&md_ctx, &p[2], (unsigned int *)&i, pkey)) { - SSLerr( - SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - ERR_LIB_EVP); + SSLerror(ERR_R_EVP_LIB); goto err; } s2n(i, p); @@ -1617,7 +1611,7 @@ ssl3_send_server_key_exchange(SSL *s) } else { /* Is this error check actually needed? */ al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSLerror( SSL_R_UNKNOWN_PKEY_TYPE); goto f_err; } @@ -1684,9 +1678,7 @@ ssl3_send_certificate_request(SSL *s) if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + n + j + 2)) { - SSLerr( - SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, - ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); goto err; } p = ssl3_handshake_msg_start(s, @@ -1732,7 +1724,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n) if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( SSL_R_MISSING_RSA_CERTIFICATE); goto f_err; } @@ -1742,7 +1734,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n) goto truncated; n2s(p, i); if (n != i + 2) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); goto err; } else @@ -1756,7 +1748,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n) if (i != SSL_MAX_MASTER_KEY_LENGTH) { al = SSL_AD_DECODE_ERROR; - /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ + /* SSLerror(SSL_R_BAD_RSA_DECRYPT); */ } if (p - d + 2 > n) /* needed in the SSL3 case */ @@ -1778,7 +1770,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n) (p[0] == (s->version >> 8)) && (p[1] == (s->version & 0xff)))) { al = SSL_AD_DECODE_ERROR; - /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ + /* SSLerror(SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ /* * The Klima-Pokorny-Rosa extension of @@ -1816,7 +1808,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n) return (1); truncated: al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); + SSLerror(SSL_R_BAD_PACKET_LENGTH); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: @@ -1844,21 +1836,21 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n) if (S3I(s)->tmp.dh == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( SSL_R_MISSING_TMP_DH_KEY); goto f_err; } dh = S3I(s)->tmp.dh; if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( SSL_R_BN_LIB); goto err; } key_size = DH_compute_key(p, bn, dh); if (key_size <= 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerror(ERR_R_DH_LIB); BN_clear_free(bn); goto err; } @@ -1878,7 +1870,7 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n) truncated: al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); + SSLerror(SSL_R_BAD_PACKET_LENGTH); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: @@ -1902,7 +1894,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) /* Initialize structures for server's ECDH key pair. */ if ((srvr_ecdh = EC_KEY_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -1918,14 +1910,14 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) if (!EC_KEY_set_group(srvr_ecdh, group) || !EC_KEY_set_private_key(srvr_ecdh, priv_key)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_EC_LIB); goto err; } /* Let's get client's public key */ if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -1948,7 +1940,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) * group. */ al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( SSL_R_UNABLE_TO_DECODE_ECDH_CERTS); goto f_err; } @@ -1956,7 +1948,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) if (EC_POINT_copy(clnt_ecpoint, EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_EC_LIB); goto err; } @@ -1967,7 +1959,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) * in the ClientKeyExchange message. */ if ((bn_ctx = BN_CTX_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -1977,13 +1969,13 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) p += 1; if (n != 1 + i) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_EC_LIB); goto err; } if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_EC_LIB); goto err; } @@ -1997,14 +1989,14 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) /* Compute the shared pre-master secret */ key_size = ECDH_size(srvr_ecdh); if (key_size <= 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_ECDH_LIB); goto err; } i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh, NULL); if (i <= 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( ERR_R_ECDH_LIB); goto err; } @@ -2122,7 +2114,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n) if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, &Tclass, n) != V_ASN1_CONSTRUCTED || Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( SSL_R_DECRYPTION_FAILED); goto gerr; } @@ -2130,7 +2122,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n) inlen = Tlen; if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start, inlen) <=0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( SSL_R_DECRYPTION_FAILED); goto gerr; } @@ -2154,7 +2146,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n) truncated: al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); + SSLerror(SSL_R_BAD_PACKET_LENGTH); ssl3_send_alert(s, SSL3_AL_FATAL, al); err: return (-1); @@ -2192,7 +2184,7 @@ ssl3_get_client_key_exchange(SSL *s) goto err; } else { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerror( SSL_R_UNKNOWN_CIPHER_TYPE); goto f_err; } @@ -2236,7 +2228,7 @@ ssl3_get_cert_verify(SSL *s) S3I(s)->tmp.reuse_message = 1; if (peer != NULL) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_MISSING_VERIFY_MESSAGE); goto f_err; } @@ -2245,21 +2237,21 @@ ssl3_get_cert_verify(SSL *s) } if (peer == NULL) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_NO_CLIENT_CERT_RECEIVED); al = SSL_AD_UNEXPECTED_MESSAGE; goto f_err; } if (!(type & EVP_PKT_SIGN)) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); al = SSL_AD_ILLEGAL_PARAMETER; goto f_err; } if (S3I(s)->change_cipher_spec) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_CCS_RECEIVED_EARLY); al = SSL_AD_UNEXPECTED_MESSAGE; goto f_err; @@ -2281,7 +2273,7 @@ ssl3_get_cert_verify(SSL *s) int sigalg = tls12_get_sigid(pkey); /* Should never happen */ if (sigalg == -1) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( ERR_R_INTERNAL_ERROR); al = SSL_AD_INTERNAL_ERROR; goto f_err; @@ -2290,14 +2282,14 @@ ssl3_get_cert_verify(SSL *s) goto truncated; /* Check key type is consistent with signature */ if (sigalg != (int)p[1]) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_WRONG_SIGNATURE_TYPE); al = SSL_AD_DECODE_ERROR; goto f_err; } md = tls12_get_hash(p[0]); if (md == NULL) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_UNKNOWN_DIGEST); al = SSL_AD_DECODE_ERROR; goto f_err; @@ -2314,7 +2306,7 @@ ssl3_get_cert_verify(SSL *s) } j = EVP_PKEY_size(pkey); if ((i > j) || (n > j) || (n <= 0)) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_WRONG_SIGNATURE_SIZE); al = SSL_AD_DECODE_ERROR; goto f_err; @@ -2325,14 +2317,14 @@ ssl3_get_cert_verify(SSL *s) void *hdata; hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); if (hdatalen <= 0) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( ERR_R_INTERNAL_ERROR); al = SSL_AD_INTERNAL_ERROR; goto f_err; } if (!EVP_VerifyInit_ex(&mctx, md, NULL) || !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; goto f_err; @@ -2340,7 +2332,7 @@ ssl3_get_cert_verify(SSL *s) if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) { al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_BAD_SIGNATURE); goto f_err; } @@ -2351,13 +2343,13 @@ ssl3_get_cert_verify(SSL *s) pkey->pkey.rsa); if (i < 0) { al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_BAD_RSA_DECRYPT); goto f_err; } if (i == 0) { al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_BAD_RSA_SIGNATURE); goto f_err; } @@ -2369,7 +2361,7 @@ ssl3_get_cert_verify(SSL *s) if (j <= 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_BAD_DSA_SIGNATURE); goto f_err; } @@ -2381,7 +2373,7 @@ ssl3_get_cert_verify(SSL *s) if (j <= 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_BAD_ECDSA_SIGNATURE); goto f_err; } @@ -2398,21 +2390,21 @@ ssl3_get_cert_verify(SSL *s) hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); if (hdatalen <= 0) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( ERR_R_INTERNAL_ERROR); al = SSL_AD_INTERNAL_ERROR; goto f_err; } if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || !(md = EVP_get_digestbynid(nid))) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; goto f_err; } pctx = EVP_PKEY_CTX_new(pkey, NULL); if (!pctx) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; goto f_err; @@ -2426,7 +2418,7 @@ ssl3_get_cert_verify(SSL *s) EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0)) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; EVP_PKEY_CTX_free(pctx); @@ -2435,7 +2427,7 @@ ssl3_get_cert_verify(SSL *s) if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) { al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( SSL_R_BAD_SIGNATURE); EVP_PKEY_CTX_free(pctx); goto f_err; @@ -2445,7 +2437,7 @@ ssl3_get_cert_verify(SSL *s) } else #endif { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSLerror( ERR_R_INTERNAL_ERROR); al = SSL_AD_UNSUPPORTED_CERTIFICATE; goto f_err; @@ -2456,7 +2448,7 @@ ssl3_get_cert_verify(SSL *s) if (0) { truncated: al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_PACKET_LENGTH); + SSLerror(SSL_R_BAD_PACKET_LENGTH); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); } @@ -2490,7 +2482,7 @@ ssl3_get_client_certificate(SSL *s) if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); al = SSL_AD_HANDSHAKE_FAILURE; goto f_err; @@ -2500,7 +2492,7 @@ ssl3_get_client_certificate(SSL *s) * the client must return a 0 list. */ if (S3I(s)->tmp.cert_request) { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST ); al = SSL_AD_UNEXPECTED_MESSAGE; @@ -2512,7 +2504,7 @@ ssl3_get_client_certificate(SSL *s) if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( SSL_R_WRONG_MESSAGE_TYPE); goto f_err; } @@ -2523,7 +2515,7 @@ ssl3_get_client_certificate(SSL *s) CBS_init(&cbs, s->internal->init_msg, n); if ((sk = sk_X509_new_null()) == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -2537,7 +2529,7 @@ ssl3_get_client_certificate(SSL *s) if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( SSL_R_CERT_LENGTH_MISMATCH); goto f_err; } @@ -2545,18 +2537,18 @@ ssl3_get_client_certificate(SSL *s) q = CBS_data(&cert); x = d2i_X509(NULL, &q, CBS_len(&cert)); if (x == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( ERR_R_ASN1_LIB); goto err; } if (q != CBS_data(&cert) + CBS_len(&cert)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( SSL_R_CERT_LENGTH_MISMATCH); goto f_err; } if (!sk_X509_push(sk, x)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -2570,7 +2562,7 @@ ssl3_get_client_certificate(SSL *s) */ if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); al = SSL_AD_HANDSHAKE_FAILURE; goto f_err; @@ -2584,7 +2576,7 @@ ssl3_get_client_certificate(SSL *s) i = ssl_verify_cert_chain(s, sk); if (i <= 0) { al = ssl_verify_alarm_type(s->verify_result); - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( SSL_R_NO_CERTIFICATE_RETURNED); goto f_err; } @@ -2601,7 +2593,7 @@ ssl3_get_client_certificate(SSL *s) if (SSI(s)->sess_cert == NULL) { SSI(s)->sess_cert = ssl_sess_cert_new(); if (SSI(s)->sess_cert == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } @@ -2620,7 +2612,7 @@ ssl3_get_client_certificate(SSL *s) if (0) { truncated: al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, + SSLerror( SSL_R_BAD_PACKET_LENGTH); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -2646,7 +2638,7 @@ ssl3_send_server_certificate(SSL *s) if (s->internal->state == SSL3_ST_SW_CERT_A) { if ((x = ssl_get_server_send_cert(s)) == NULL) { - SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, + SSLerror( ERR_R_INTERNAL_ERROR); return (0); } @@ -2865,7 +2857,7 @@ ssl3_get_next_proto(SSL *s) * extension in their ClientHello */ if (!S3I(s)->next_proto_neg_seen) { - SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, + SSLerror( SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); return (-1); } @@ -2882,7 +2874,7 @@ ssl3_get_next_proto(SSL *s) * by ssl3_get_finished). */ if (!S3I(s)->change_cipher_spec) { - SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, + SSLerror( SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); return (-1); } @@ -2913,7 +2905,7 @@ ssl3_get_next_proto(SSL *s) s->internal->next_proto_negotiated_len = 0; if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) { - SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, + SSLerror( ERR_R_MALLOC_FAILURE); return (0); } diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c index c3626dc03a..f654d0b3a1 100644 --- a/src/lib/libssl/ssl_txt.c +++ b/src/lib/libssl/ssl_txt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_txt.c,v 1.26 2014/12/14 15:30:50 jsing Exp $ */ +/* $OpenBSD: ssl_txt.c,v 1.27 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -95,7 +95,7 @@ SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) int ret; if ((b = BIO_new(BIO_s_file_internal())) == NULL) { - SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB); + SSLerror(ERR_R_BUF_LIB); return (0); } BIO_set_fp(b, fp, BIO_NOCLOSE); diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 3181b63e39..f79219561a 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.93 2017/01/23 14:35:42 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.94 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -203,7 +203,7 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len) if (S3I(s)->handshake_dgst[i] == NULL) continue; if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); + SSLerror(ERR_R_EVP_LIB); return 0; } } @@ -223,12 +223,12 @@ tls1_digest_cached_records(SSL *s) S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *)); if (S3I(s)->handshake_dgst == NULL) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); goto err; } hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); if (hdatalen <= 0) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, + SSLerror( SSL_R_BAD_HANDSHAKE_LENGTH); goto err; } @@ -240,17 +240,17 @@ tls1_digest_cached_records(SSL *s) S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create(); if (S3I(s)->handshake_dgst[i] == NULL) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, + SSLerror( ERR_R_MALLOC_FAILURE); goto err; } if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); + SSLerror(ERR_R_EVP_LIB); goto err; } if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata, hdatalen)) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); + SSLerror(ERR_R_EVP_LIB); goto err; } } @@ -385,7 +385,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, count++; } if (count == 0) { - SSLerr(SSL_F_TLS1_PRF, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); goto err; } @@ -397,7 +397,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) { if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) { if (!md) { - SSLerr(SSL_F_TLS1_PRF, + SSLerror( SSL_R_UNSUPPORTED_DIGEST_TYPE); goto err; } @@ -446,7 +446,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx) *aead_ctx = malloc(sizeof(SSL_AEAD_CTX)); if (*aead_ctx == NULL) { - SSLerr(SSL_F_TLS1_AEAD_CTX_INIT, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (0); } @@ -474,7 +474,7 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) return (0); if (iv_len > sizeof(aead_ctx->fixed_nonce)) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD, + SSLerror( ERR_R_INTERNAL_ERROR); return (0); } @@ -491,14 +491,14 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, if (aead_ctx->xor_fixed_nonce) { if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) || aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD, + SSLerror( ERR_R_INTERNAL_ERROR); return (0); } } else { if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead)) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD, + SSLerror( ERR_R_INTERNAL_ERROR); return (0); } @@ -610,7 +610,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, return (1); err: - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); return (0); } @@ -695,7 +695,7 @@ tls1_change_cipher_state(SSL *s, int which) } if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); goto err2; } @@ -736,7 +736,7 @@ tls1_setup_key_block(SSL *s) if (s->session->cipher && (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) { if (!ssl_cipher_get_evp_aead(s->session, &aead)) { - SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, + SSLerror( SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return (0); } @@ -745,7 +745,7 @@ tls1_setup_key_block(SSL *s) } else { if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type, &mac_secret_size)) { - SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, + SSLerror( SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return (0); } @@ -767,7 +767,7 @@ tls1_setup_key_block(SSL *s) if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len, 2)) == NULL) { - SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); goto err; } key_block_len = (mac_secret_size + key_len + iv_len) * 2; @@ -776,7 +776,7 @@ tls1_setup_key_block(SSL *s) S3I(s)->tmp.key_block = key_block; if ((tmp_block = malloc(key_block_len)) == NULL) { - SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); goto err; } @@ -1114,7 +1114,7 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) } } if (d == NULL) { - SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST); + SSLerror(SSL_R_NO_REQUIRED_DIGEST); return 0; } @@ -1345,12 +1345,12 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, goto ret; err1: - SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, + SSLerror( SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); rv = 0; goto ret; err2: - SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); + SSLerror(ERR_R_MALLOC_FAILURE); rv = 0; ret: free(buff); diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 3585a3ac55..b3e86c0a31 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.112 2017/01/26 06:32:58 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.113 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -742,7 +742,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) int el; if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, + SSLerror( ERR_R_INTERNAL_ERROR); return NULL; } @@ -754,7 +754,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) s2n(el, ret); if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, + SSLerror( ERR_R_INTERNAL_ERROR); return NULL; } @@ -780,7 +780,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) if (formatslen > lenmax) return NULL; if (formatslen > 255) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, + SSLerror( ERR_R_INTERNAL_ERROR); return NULL; } @@ -803,7 +803,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) if (curveslen * 2 > lenmax) return NULL; if (curveslen * 2 > 65532) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, + SSLerror( ERR_R_INTERNAL_ERROR); return NULL; } @@ -946,7 +946,7 @@ skip_ext: s2n(el, ret); if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, + SSLerror( ERR_R_INTERNAL_ERROR); return NULL; } @@ -1025,7 +1025,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) int el; if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, + SSLerror( ERR_R_INTERNAL_ERROR); return NULL; } @@ -1037,7 +1037,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) s2n(el, ret); if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, + SSLerror( ERR_R_INTERNAL_ERROR); return NULL; } @@ -1061,7 +1061,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) if (formatslen > lenmax) return NULL; if (formatslen > 255) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, + SSLerror( ERR_R_INTERNAL_ERROR); return NULL; } @@ -1108,7 +1108,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) s2n(el, ret); if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, + SSLerror( ERR_R_INTERNAL_ERROR); return NULL; } @@ -1627,7 +1627,7 @@ ri_check: if (!renegotiate_seen && s->internal->renegotiate) { *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, + SSLerror( SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } @@ -1880,7 +1880,7 @@ ri_check: if (!renegotiate_seen && !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, + SSLerror( SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } @@ -2016,7 +2016,7 @@ ssl_check_serverhello_tlsext(SSL *s) } } if (!found_uncompressed) { - SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); + SSLerror(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); return -1; } } diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 52f17b7d2b..ea432554b0 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_reneg.c,v 1.12 2017/01/22 09:02:07 jsing Exp $ */ +/* $OpenBSD: t1_reneg.c,v 1.13 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -123,7 +123,7 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, { if (p) { if ((S3I(s)->previous_client_finished_len + 1) > maxlen) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, + SSLerror( SSL_R_RENEGOTIATE_EXT_TOO_LONG); return 0; } @@ -151,7 +151,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len, CBS cbs, reneg; if (len < 0) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, + SSLerror( SSL_R_RENEGOTIATION_ENCODING_ERR); *al = SSL_AD_ILLEGAL_PARAMETER; return 0; @@ -161,7 +161,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len, if (!CBS_get_u8_length_prefixed(&cbs, &reneg) || /* Consistency check */ CBS_len(&cbs) != 0) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, + SSLerror( SSL_R_RENEGOTIATION_ENCODING_ERR); *al = SSL_AD_ILLEGAL_PARAMETER; return 0; @@ -169,7 +169,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len, /* Check that the extension matches */ if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, + SSLerror( SSL_R_RENEGOTIATION_MISMATCH); *al = SSL_AD_HANDSHAKE_FAILURE; return 0; @@ -177,7 +177,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len, if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished, S3I(s)->previous_client_finished_len)) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, + SSLerror( SSL_R_RENEGOTIATION_MISMATCH); *al = SSL_AD_HANDSHAKE_FAILURE; return 0; @@ -196,7 +196,7 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, if (p) { if ((S3I(s)->previous_client_finished_len + S3I(s)->previous_server_finished_len + 1) > maxlen) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, + SSLerror( SSL_R_RENEGOTIATE_EXT_TOO_LONG); return 0; } @@ -235,7 +235,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len); if (len < 0) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, + SSLerror( SSL_R_RENEGOTIATION_ENCODING_ERR); *al = SSL_AD_ILLEGAL_PARAMETER; return 0; @@ -246,7 +246,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i if (!CBS_get_u8_length_prefixed(&cbs, &reneg) || /* Consistency check */ CBS_len(&cbs) != 0) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, + SSLerror( SSL_R_RENEGOTIATION_ENCODING_ERR); *al = SSL_AD_ILLEGAL_PARAMETER; return 0; @@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i !CBS_get_bytes(&reneg, &previous_server, S3I(s)->previous_server_finished_len) || CBS_len(&reneg) != 0) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, + SSLerror( SSL_R_RENEGOTIATION_MISMATCH); *al = SSL_AD_HANDSHAKE_FAILURE; return 0; @@ -267,14 +267,14 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished, CBS_len(&previous_client))) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, + SSLerror( SSL_R_RENEGOTIATION_MISMATCH); *al = SSL_AD_HANDSHAKE_FAILURE; return 0; } if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished, CBS_len(&previous_server))) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, + SSLerror( SSL_R_RENEGOTIATION_MISMATCH); *al = SSL_AD_ILLEGAL_PARAMETER; return 0; -- cgit v1.2.3-55-g6feb